
Example 1 with AssertionManagerClient

use of com.sun.identity.saml.AssertionManagerClient in project OpenAM by OpenRock.

the class DefaultActionMapper method getSSOAssertion.

/**
 * Searches the {@code Evidence} of an {@code AuthorizationDecisionQuery} for
 * an assertion that {@code SAMLUtils.isAuthNAssertion} accepts.
 * <p>
 * Assertions embedded directly in the evidence are tried first. Then each
 * assertion-ID reference is resolved: when {@code SAMLUtils.getServerURL}
 * maps the ID to another server of the load-balanced site the assertion is
 * fetched through {@code AssertionManagerClient}, otherwise through the local
 * {@code AssertionManager}. A reference that cannot be resolved is logged at
 * debug level and skipped; failure to obtain the {@code AssertionManager}
 * itself is logged and ends the search.
 * <p>
 * NOTE(review): embedded assertions are returned here without a signature or
 * time-validity check, unlike {@code convertEvidence} in this class. Whether
 * {@code isAuthNAssertion} or the caller performs that validation is not
 * visible here — confirm before relying on the returned assertion.
 *
 * @param query    the query whose evidence is searched; {@code null} yields
 *                 {@code null}
 * @param sourceID the source ID handed to the assertion lookup
 * @return the first qualifying assertion, or {@code null} when none is found
 * @see com.sun.identity.saml.plugins.ActionMapper#getSSOAssertion
 */
public Assertion getSSOAssertion(AuthorizationDecisionQuery query, String sourceID) {
    if (query == null) {
        return null;
    }
    Evidence evidence = query.getEvidence();
    if (evidence == null) {
        return null;
    }
    // 1. assertions carried inline in the evidence
    Set inlineAssertions = evidence.getAssertion();
    if (inlineAssertions != null) {
        for (Object candidate : inlineAssertions) {
            Assertion inline = (Assertion) candidate;
            if (SAMLUtils.isAuthNAssertion(inline)) {
                return inline;
            }
        }
    }
    // 2. assertions referenced by ID, resolved locally or from a peer server
    Set idRefs = evidence.getAssertionIDReference();
    if (idRefs == null) {
        return null;
    }
    Iterator refs = idRefs.iterator();
    try {
        AssertionManager manager = AssertionManager.getInstance();
        while (refs.hasNext()) {
            AssertionIDReference idRef = (AssertionIDReference) refs.next();
            Assertion resolved;
            try {
                // a non-null URL means the assertion lives on another server of the lb site
                String remoteUrl = SAMLUtils.getServerURL(idRef.getAssertionIDReference());
                if (remoteUrl == null) {
                    resolved = manager.getAssertion(idRef, sourceID);
                } else {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("DefaultActionMapper: calling another in lb site:" + remoteUrl);
                    }
                    AssertionManagerClient client = new AssertionManagerClient(SAMLUtils.getFullServiceURL(remoteUrl));
                    resolved = client.getAssertion(idRef, sourceID);
                }
            } catch (Exception e) {
                // unresolvable reference: skip it and try the next one
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultActionMapper.getSSOAssertion: exception when retrieving Assertion from IDRef:" + e);
                }
                continue;
            }
            if (SAMLUtils.isAuthNAssertion(resolved)) {
                return resolved;
            }
        }
    } catch (Exception e) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("DefaultActionMapper: Couldn't obtain AssertionManager instance:" + e);
        }
    }
    return null;
}

Example 2 with AssertionManagerClient

use of com.sun.identity.saml.AssertionManagerClient in project OpenAM by OpenRock.

the class DefaultActionMapper method convertEvidence.

/**
 * Collects environment parameters from the assertions carried by an
 * {@code Evidence} element, via {@code SAMLUtils.addEnvParamsFromAssertion}.
 * <p>
 * Two sources are consulted:
 * <ul>
 * <li>Assertion-ID references are resolved through the local
 * {@code AssertionManager}, or through {@code AssertionManagerClient} when
 * {@code SAMLUtils.getServerURL} maps the ID to another server of the
 * load-balanced site. These are added without any signature or time check
 * (the original comment states none is needed for assertions obtained this
 * way). A reference that cannot be resolved is logged and skipped.</li>
 * <li>Assertions embedded inline are added only when their signature is
 * valid, they are within their validity period, and the issuer is either this
 * site ({@code SAMLConstants.ISSUER_NAME}) or a known source site per
 * {@code SAMLUtils.getSourceSite}.</li>
 * </ul>
 *
 * @param evidence the evidence to examine; {@code null} yields an empty map
 * @param subject  the subject passed through to the parameter extraction
 * @param sourceID the source ID handed to the assertion lookup
 * @return a new, possibly empty, map of environment parameters
 */
private Map convertEvidence(Evidence evidence, Subject subject, String sourceID) {
    Map envParams = new HashMap();
    if (evidence == null) {
        return envParams;
    }
    String siteName = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);
    // assertions referenced by ID, resolved locally or from a peer server
    Set idRefs = evidence.getAssertionIDReference();
    if (idRefs != null) {
        Iterator refs = idRefs.iterator();
        try {
            AssertionManager manager = AssertionManager.getInstance();
            while (refs.hasNext()) {
                AssertionIDReference idRef = (AssertionIDReference) refs.next();
                Assertion resolved;
                try {
                    // a non-null URL means the assertion lives on another server of the lb site
                    String remoteUrl = SAMLUtils.getServerURL(idRef.getAssertionIDReference());
                    if (remoteUrl == null) {
                        resolved = manager.getAssertion(idRef, sourceID);
                    } else {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("DefaultActionMapper:calling another server in lb site:" + remoteUrl);
                        }
                        AssertionManagerClient client = new AssertionManagerClient(SAMLUtils.getFullServiceURL(remoteUrl));
                        resolved = client.getAssertion(idRef, sourceID);
                    }
                } catch (Exception e) {
                    // unresolvable reference: skip it and try the next one
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("DefaultActionMapper: couldn't retrieve assertion from idRef:" + e);
                    }
                    continue;
                }
                // signature/time are not re-checked for assertions fetched this way
                SAMLUtils.addEnvParamsFromAssertion(envParams, resolved, subject);
            }
        } catch (Exception e) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultActionMapper: Couldn't obtain AssertionManager instance:" + e);
            }
        }
    }
    // assertions carried inline: must be signed, current, and from a trusted issuer
    Set inlineAssertions = evidence.getAssertion();
    if (inlineAssertions != null) {
        for (Object candidate : inlineAssertions) {
            Assertion inline = (Assertion) candidate;
            if (!inline.isSignatureValid() || !inline.isTimeValid()) {
                continue;
            }
            String issuer = inline.getIssuer();
            boolean issuedByThisSite = (siteName != null) && siteName.equals(issuer);
            if (!issuedByThisSite && SAMLUtils.getSourceSite(issuer) == null) {
                // issuer is neither this server nor a configured source site
                continue;
            }
            SAMLUtils.addEnvParamsFromAssertion(envParams, inline, subject);
        }
    }
    return envParams;
}
